CWE-401: Missing Release of Memory after Effective Lifetime

Description

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Extended Description

This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

Example Vulnerable Code

Example - 1

The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:


char* getBlock(int fd) {
    char* buf = (char*) malloc(BLOCK_SIZE);
    if (!buf) {
        return NULL;
    }
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
        return NULL;
    }
    return buf;
}
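
The leak described above next to a corrected version, as an added example that is not part of the original CWE entry. The names getBlock_leaky, getBlock_fixed, tracked_malloc, tracked_free and blocks_leaked, the allocation counter, and the BLOCK_SIZE value of 512 are assumptions made for the illustration; the short read is produced with a constructed pipe input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define BLOCK_SIZE 512   /* assumed value; the page leaves it undefined */
static long live_blocks; /* constructed counter: blocks allocated, not yet freed */
static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}
static void tracked_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Same logic as the page's getBlock(): the short-read path drops buf. */
char *getBlock_leaky(int fd) {
    char *buf = tracked_malloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) return NULL; /* leak */
    return buf;
}

/* Corrected: the failure path releases buf before returning. */
char *getBlock_fixed(int fd) {
    char *buf = tracked_malloc(BLOCK_SIZE);
    if (!buf) return NULL;
    if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
        tracked_free(buf);
        return NULL;
    }
    return buf;
}

/* Pipe len bytes to one variant, free its result; returns blocks still live (-1 = setup error). */
long blocks_leaked(char *(*get)(int), size_t len) {
    char data[BLOCK_SIZE] = {0};
    int p[2];
    long before = live_blocks;
    if (len > sizeof data || pipe(p) != 0) return -1;
    ssize_t w = write(p[1], data, len);
    close(p[1]); /* reader sees EOF after len bytes */
    if (w != (ssize_t)len) { close(p[0]); return -1; }
    tracked_free(get(p[0]));
    close(p[0]);
    return live_blocks - before;
}

int main(void) {
    printf("short read: leaky=%ld fixed=%ld\n", blocks_leaked(getBlock_leaky, 10), blocks_leaked(getBlock_fixed, 10));
}
```

The same counting approach works as a regression test: any code path that returns without releasing its buffer leaves the counter above its starting value.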

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.